January 15, 2012 at 2:30 am
Comments posted to this topic are about the item What, when and who? Auditing 101 - Part 2
-Roy
January 16, 2012 at 6:09 am
CDC is fine for tracking DATA but what about WHO changed it? I can't even seem to write a join query to show the changes to the data by who?
Back to audit triggers then, unless anyone can enlighten me.
Thanks
January 16, 2012 at 6:46 am
Who can be done by SQL Audit... I am half way through writing that article. That is the 3rd part of this series.
-Roy
January 16, 2012 at 7:49 am
Nice article. One question, you mention that it would be a good idea to have the database in Snapshot Isolation mode, but you don't really give any details as to why? I'd really like to know why I should use snapshot isolation along with CDC.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
January 16, 2012 at 8:06 am
I gave a recommendation that for CDC to use Snapshot isolation due to two reason.
1. To make sure that there is no blocking caused when trying to get the LSN.
2. To make sure that you get the right LSN.
On a busy OLTP server, you are going to have high number of data changes and that means that the Max LSN will be changing at a very rapid rate. You want to make sure that the MAX LSN is the same through out the query you are using to retrieve the changes.
But it all depends on how you are retrieving the changes. There fore it is just a recommendation. It is not a must. I hope I was able to answer that question.
-Roy
January 16, 2012 at 9:23 am
Hey Roy,
Looking forward to Part #3. I really think 'Who' changed the data or 'What Process' is critical when it comes to logging.
I wanted to let you know how my company handles auditing 'WHO' in the hopes you may 'speak to it' in your next article.
We use a table similar to "Product". In the stored procedures that change data in this table we force developers to specify a LogUserID and a LogProcessID. The LogUserID represents the person logged into the system that pressed the 'save button' or 'delete button' on the GUI or it may be a system user. The LogProcessID is used to indicate if the change was triggered by a Web Application, A Nightly 'Product Price Update' Job sql server job, a windows service, a web service etc.
PRODUCT TABLE SCHEMA
----------------------------------
ProductID
Description
Price
LogUserID
AppProcessID
DateTimeModified
DateTimeInserted
PRODUCT TABLE SCHEMA IN LOG DATABASE - A trigger inserts into a duplicate table
------------------------------------------
AuditID
Action
ProductID
Description
Price
LogUserID
AppProcessID
DateTimeModified
DateTimeInserted
Anyway - I am really curious about the 'Who' in part #3 and hope you can cover this scenario in your article.
January 16, 2012 at 10:45 am
Hey Trevor,
Half of the article is already done. That part covers the "who". I have to do some work on the article to cover writing to Event log. Once that is done, I will submit it for publication.
Your present idea works when you have a controlled system like that. It just wont store the data if the update or select is done using SSMS. SQL Audit will be able to catch that.
-Roy
January 16, 2012 at 12:32 pm
Hey Roy,
You are right. The current method we don't catch SSMS changes. There also isn't a way to "Force" developers to supply a LogUserID. In some cases when we troubleshoot the database will say it was "Roy" that made the change, but really it was a System User because the developer script didn't update the LogUserID column. It gets messy when we delete rows from a table. The first thing we have to do is update the LogUserID for the rows we delete. Then we delete them.
Looking forward to part 3.
-Trevor
January 16, 2012 at 12:50 pm
Nicely done Roy.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 16, 2012 at 2:27 pm
Nice article Roy. Thanks!
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
January 17, 2012 at 5:29 am
Thanks Jason, Thanks Wayne...
-Roy
February 2, 2012 at 1:56 pm
Thank you for the articles!
Are you going to cover auditing who reads which data, as well as changes?
February 3, 2012 at 6:36 am
Yes, that will be the third part of it. SQL Audit. I have completed 50% of that article. I need couple of more weeks to finish it off and then I will be submitting for publishing.
-Roy
February 21, 2012 at 7:24 am
Great article, thanks!
qh
March 9, 2012 at 4:58 am
Bummer!!!
Change data capture is only available in the Enterprise, Developer, and Enterprise Evaluation editions.
But great article nonetheless...
:crying:
Viewing 15 posts - 1 through 15 (of 22 total)
You must be logged in to reply to this topic. Login to reply